 

Firebase REST API Authenticate With Phone Number

I am using PAW to try and test different cloud functions deployed with Firebase. The app uses phone authentication, however currently there is little to no documentation on how to accomplish phone number authentication via REST API.

I have whitelisted a phone number for testing as per instructions here.

It appears that what I need to do is call on the verifyPhoneNumber method; I have pieced together that the REST API endpoint I need is in the format:

https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPhoneNumber?key={WEB_API_KEY}

Now where I get stuck is in trying to pass the data that is expected. It looks like this endpoint expects a phoneNumber and an applicationVerifier object. I've pieced this together from the corresponding documentation here.

I try to make a request that looks like:

POST /identitytoolkit/v3/relyingparty/verifyPhoneNumber?key={WEB_API_KEY}
Content-Type: application/json; charset=utf-8
Host: www.googleapis.com
Connection: close
User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.6) GCDHTTPRequest
Content-Length: 73

{"phoneNumber":"+18035551111","applicationVerifier":{"type":"recaptcha"}}

The response I receive is:

HTTP/1.1 400 Bad Request
Vary: X-Origin
Vary: Referer
Content-Type: application/json; charset=UTF-8
Date: Thu, 13 Sep 2018 16:35:33 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Connection: close

{
  "error": {
    "code": 400,
    "message": "MISSING_SESSION_INFO",
    "errors": [
      {
        "message": "MISSING_SESSION_INFO",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}

I'm not sure what I'm doing wrong at this point as I'm running out of documentation and sort of just blindly guessing parameters now. How can I authenticate via white-listed phone number via REST API for testing?

asked Sep 13 '18 16:09

DjH




2 Answers

After a lot of research (I'm struggling to create automated tests for my "login with phone" flow), I finally found a solution for this, based on @Danut Pralea's answer. Hopefully it will help people in future :)

Considering that your phone number is already whitelisted (as mentioned in the question), the first step would be a call to Firebase to send the verification code:

POST /v1/accounts:sendVerificationCode?key={WEB_API_KEY} HTTP/1.1
Host: identitytoolkit.googleapis.com:443
Content-Type: application/json
Content-Length: 39

{
    "phoneNumber": "{PHONE_NUMBER}"
}

The response will be the sessionInfo, like this:

{
    "sessionInfo": "ALiwoWJhYJgtFav1DKc0yBoTwcjjiyQNu240eDJ76GmlH-2i3RmHAYamaPkx3rjEmOBcgrua5QfLw8Nrn_QwjVPO6N09fYsiWQha0-5o2Jb5Hwqxkw7qwsl6YK0gotZ16HmiwqJkyd-stAXTVU1ZIBUwfrFqZmFY7g"
}

Then, the next step is to log in to Firebase with the code (the same one used in the whitelisting) and the session info:

POST /v1/accounts:signInWithPhoneNumber?key={WEB_API_KEY} HTTP/1.1
Host: identitytoolkit.googleapis.com:443
Content-Type: application/json
Content-Length: 207

{
    "sessionInfo": "ALiwoWJhYJgtFav1DKc0yBoTwcjjiyQNu240eDJ76GmlH-2i3RmHAYamaPkx3rjEmOBcgrua5QfLw8Nrn_QwjVPO6N09fYsiWQha0-5o2Jb5Hwqxkw7qwsl6YK0gotZ16HmiwqJkyd-stAXTVU1ZIBUwfrFqZmFY7g",
    "code": 123456
}

And that's it! The response will be something like:

{
    "idToken": "idToken",
    "refreshToken": "refreshToken",
    "expiresIn": "3600",
    "localId": "localId",
    "isNewUser": false,
    "phoneNumber": "{PHONE_NUMBER}"
}

More info in the official documentation: https://cloud.google.com/identity-platform/docs/reference/rest/v1/accounts

answered Sep 18 '22 02:09

finx
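
The two calls from the answer above chained into one test helper, as an added example that is not part of the original answer. `sign_in_test_phone`, `call_api` and `fake_post` are hypothetical names, and `fake_post` is a constructed stand-in for the backend so the block runs offline; omit the `post=` argument to send the requests to the real endpoints with a whitelisted test number.

```python
import json
import urllib.error
import urllib.request

BASE = "https://identitytoolkit.googleapis.com/v1/accounts"  # host/path from the answer

class IdentityToolkitError(Exception):
    """Holds the API's error.message string, e.g. MISSING_SESSION_INFO."""

def http_post(url, body):
    """Real transport: POST JSON and return (status, parsed JSON body)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # error replies carry JSON, as in the question
        return err.code, json.load(err)

def call_api(method, api_key, body, post):
    """Call accounts:<method>; raise with the API's message on any non-200."""
    status, data = post(f"{BASE}:{method}?key={api_key}", body)
    if status != 200:
        raise IdentityToolkitError(data.get("error", {}).get("message", f"HTTP {status}"))
    return data

def sign_in_test_phone(api_key, phone_number, code, post=http_post):
    """Step 1 yields sessionInfo; step 2 trades sessionInfo + code for tokens."""
    session = call_api("sendVerificationCode", api_key, {"phoneNumber": phone_number}, post)
    return call_api("signInWithPhoneNumber", api_key,
                    {"sessionInfo": session["sessionInfo"], "code": code}, post)

def fake_post(url, body):
    """Constructed offline stand-in for the backend (assumption, not real output)."""
    if url.startswith(f"{BASE}:sendVerificationCode?"):
        return 200, {"sessionInfo": "constructed-session-info"}
    if "sessionInfo" not in body:  # modelled on the 400 shown in the question
        return 400, {"error": {"code": 400, "message": "MISSING_SESSION_INFO"}}
    return 200, {"idToken": "constructed-id-token", "refreshToken": "constructed-refresh",
                 "expiresIn": "3600", "localId": "constructed-uid", "isNewUser": False}

if __name__ == "__main__":
    # Placeholder key; the number is the test number from the question.
    result = sign_in_test_phone("WEB_API_KEY", "+18035551111", "123456", post=fake_post)
    # Print only non-secret fields so tokens never land in CI logs.
    print({k: v for k, v in result.items() if k not in ("idToken", "refreshToken")})
```

Keep the Web API key and the returned `idToken`/`refreshToken` in environment variables or the CI secret store rather than in saved request files.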


  1. Create your verification code request (the key is an environment variable)

  2. (but this is optional) make the session info a Body Response Dynamic Value

  3. Create your verify phone number request

  4. (again, optional) make the idToken also a Body Response Dynamic Value

  5. Use the idToken dynamic value in any other subsequent requests you perform to Firebase

The best part about adding the variables as Body Response Dynamic Values is you can chain them and call them in a sequence.

answered Sep 18 '22 02:09

Danut Pralea